<?php
	require_once 'conn/DBconnect.php';
	require_once 'utils/securityUtils.php';
	
	session_start();
	
	$loginResult = "";
	if(isset($_SESSION['tokenNumber']) && isset($_SESSION['loginToken']))
	{
		if($_SESSION['tokenNumber'] == $_POST["token"])
		{
			$params[0] = "LOGIN";
			$params[1] = $_POST['username'];
			$params[2] = $_POST['password'];
			$params[3] = "LOGIN";
			
			$loginPROC = "CALL SP_VALIDATOR('" . implode("', '", $params) . "');";
			$result = mysqli_query($mysqlLink, $loginPROC);
			 	
			$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
			
			if( $row["err_id"] != '-1')
			{
				SecurityUtils::updateToken();
				
				$loginResult = $row["err_id"];
				if($row["err_id"] == 0)
					$_SESSION['isRegistered'] = false;
				else
					$_SESSION['isRegistered'] = true;
					
				$_SESSION['loggedUser'] = $row;
			}
			else
				$loginResult = $row["err_code"];
			
			mysqli_free_result($result);
	 	
	 		mysqli_close($mysqlLink);
		}
		else
			$loginResult = "Invalid request.";
	}
	else
		$loginResult = "Invalid request.";
		
echo $loginResult;
	
	
	